This invention relates in general to memory systems, and in particular to a memory system with versatile content control features.
Storage devices such as flash memory cards have become the storage medium of choice for storing digital content such as photographs. Flash memory cards may also be used to distribute other types of media content. Moreover, an increasing variety of host devices such as computers, digital cameras, cellular telephones, personal digital assistants (PDAs) and media players such as MP3 players now have the capability of rendering the media content stored in flash memory cards. There is thus great potential for flash memory cards, as well as other types of mobile storage devices, to become a widely used vehicle for distributing digital content.
One of the key concerns to owners and distributors of digital content is that only authorized parties should be allowed to access the content, after the content has been distributed, either through downloads from networks such as the Internet, or through the distribution of content on storage devices. One of the ways to avoid unauthorized access is to use a system for establishing the identity of the party before content access is granted to the party. Systems such as the public key infrastructure (PKI) have been developed for this purpose. In a PKI system, a trusted authority known as a certificate authority (CA) issues certificates for proving the identity of persons and organizations. Parties such as organizations and persons who wish to establish proof of identity may register with the certificate authority with adequate evidence for proving their identity. After the identity of the party has been proven to the CA, the CA will issue a certificate to such party. The certificate typically includes the name of the CA that issued the certificate, the name of the party to whom the certificate is issued, a public key of the party, and the public key of the party signed (typically by encrypting a digest of the public key) by a private key of the CA.
The private key and the public key of the CA are related so that any data encrypted using the public key may be decrypted by means of the private key, and vice versa. The private key and the public key thus form a key pair. An explanation of the private and public key pair for cryptography is provided by in “PKCS#1 v2.1:RSA Cryptography Standard,” dated Jun. 14, 2002, from RSA Security Inc. The public key of the CA is made publicly available. Therefore, when one party wishes to verify whether the certificate presented by another party is genuine, the verifying party may simply use the public key of the CA to decrypt the encrypted digest of the public key in the certificate using a decryption algorithm. The decryption algorithm is typically also identified in the certificate. If the decrypted digest of the public key in the certificate matches the digest of the unencrypted public key in the certificate, this proves that the public key in the certificate has not been tampered with and is genuine, based on trust in the CA and authenticity of the public key of the CA.
To verify the identity of a party, the verifying party typically will send a challenge (e.g. random number) and ask that the other party send his or her certificate as well as a response to the challenge (i.e. the random number encrypted with the private key of the other party). When the response and certificate are received, the verifying party first verifies whether the public key in the certificate is genuine by the process above. If the public key is verified to be genuine, the verifying party can then decrypt the response using the public key in the certificate, and compare the result to the random number sent originally. If they match, this means the other party does have the correct private key, and for that reason has proven his or her identity. If the public key in the certificate is not genuine, or if the decrypted response fails to match the challenge, authentication fails. Thus, a party wishing to prove his or her identity will need to possess both the certificate and the associated private key.
By means of the above mechanism, two parties who otherwise may not trust each other may establish trust by verifying the public key of the other party in the other party's certificate using the process described above. Recommendation X.509 from the International Telecommunication Union (ITU) Telecommunication Standardization Sector (ITU-T) is a standard that specifies certificate frameworks. More detailed information concerning certificates and their use can be found in this standard.
For convenience in administration, and in large organizations, it may be appropriate for a higher level CA, known as the root CA, to delegate the responsibility for issuing certificates to several lower level CAs. In a two level hierarchy, for example, the root CA at the top level issues certificates to the lower level CAs to certify that the public keys of these low level authorities are genuine. These lower level authorities, in turn, issue certificates to parties through the registration process described above. The verifying process starts from the top of the certificate chain. The verifying party will first use the public key of the root CA (known to be genuine) to first verify the genuineness of the public key of the lower level CA. Once the genuineness of the public key of the lower level CA has been verified, then the genuineness of the public key of the party to whom the lower level issued a certificate can be verified using the verified public key of the lower level CA. The certificates issued by the root CA and by the lower level CA then form a chain of two certificates of the party whose identity is being verified.
Certificate hierarchies may of course include more than two levels, where each CA except for the root CA at a lower level derives its authority from a higher level CA, and has a certificate containing its public key issued by the higher level CA. Therefore, in order to verify the genuineness of another party's public key, it may be necessary to trace the path or chain of certificates to the root CA. In other words, in order to establish one's identity, the party whose identity needs to be proven may need to produce the entire chain of certificates, all the way from its own certificate to the root CA certificate.
A certificate is issued for a certain validity period. However, the certificate may become invalid prior to the expiration of the validity period due to events, such as change of name, change of association with the certificate issuer, compromised or suspected compromise of the corresponding private key. Under such circumstances the certificate authority (CA) needs to revoke the certificate. The certificate authority publishes periodically a certificate revocation list, listing the serial numbers of all the certificates that have been revoked. In conventional certificate verification methods, the authenticating entity is expected to either possess or be able to retrieve certificate revocation lists from certificate authorities (CA) and check the serial numbers of the certificate presented for authentication against the list to determine whether the certificate presented has been revoked. Where the authenticating entity is a memory or storage device, the device on its own has not been used to retrieve certificate revocation lists from certificate authorities. As a result, the certificate presented for authentication cannot be verified by the memory or storage device. It is therefore desirable for an improved system to be provided which enables memory or storage devices to verify certificates without having to obtain certificate revocation lists.